Merge branch 'master' into fix-browser-idp-auto-download

.github/workflows/go.yml

@@ -2,62 +2,58 @@ name: Go
 
 on:
   push:
-    branches: [ master ]
+    branches: [master]
   pull_request:
-    branches: [ master ]
+    branches: [master]
 
 jobs:
-
   build:
     name: Build
     runs-on: ${{ matrix.os }}
     strategy:
       matrix:
-        os: [ubuntu-18.04, macOS-latest, macos-11]
+        os: [ubuntu-latest, macOS-latest, macos-11]
     steps:
-
-    - name: Set up Go 1.x
-      uses: actions/setup-go@v4
-      with:
-        go-version: 1.20.x
-
-    - name: Check out code into the Go module directory
-      uses: actions/checkout@v3
-
-    - name: Test
-      run: |
-        go install github.com/playwright-community/playwright-go/cmd/playwright
-        playwright install --with-deps
-        go test -v ./... -coverprofile=${{ matrix.os }}_coverage.txt -covermode=atomic
-
-    - name: Upload coverage report
-      uses: actions/upload-artifact@v3
-      with:
-        name: reports
-        path: ${{ matrix.os }}_coverage.txt
-        if-no-files-found: error
-        retention-days: 1        
-
-    - name: Install
-      run: go install ./cmd/saml2aws
+      - name: Set up Go 1.x
+        uses: actions/setup-go@v4
+        with:
+          go-version: 1.20.x
+
+      - name: Check out code into the Go module directory
+        uses: actions/checkout@v3
+
+      - name: Test
+        run: |
+          go run github.com/playwright-community/playwright-go/cmd/playwright install
+          go test -v ./... -coverprofile=${{ matrix.os }}_coverage.txt -covermode=atomic
+
+      - name: Upload coverage report
+        uses: actions/upload-artifact@v3
+        with:
+          name: reports
+          path: ${{ matrix.os }}_coverage.txt
+          if-no-files-found: error
+          retention-days: 1
+
+      - name: Install
+        run: go install ./cmd/saml2aws
 
   linting:
     name: lint
     runs-on: ubuntu-latest
     steps:
+      - name: Set up Go 1.x
+        uses: actions/setup-go@v4
+        with:
+          go-version: 1.20.x
 
-    - name: Set up Go 1.x
-      uses: actions/setup-go@v4
-      with:
-        go-version: 1.20.x
+      - name: Check out code into the Go module directory
+        uses: actions/checkout@v3
 
-    - name: Check out code into the Go module directory
-      uses: actions/checkout@v3
-
-    - name: golangci-lint
-      uses: golangci/golangci-lint-action@v3
-      with:
-        version: v1.51.2
+      - name: golangci-lint
+        uses: golangci/golangci-lint-action@v3
+        with:
+          version: v1.51.2
 
   coverage:
     name: coverage
@@ -66,49 +62,48 @@ jobs:
     runs-on: ubuntu-latest
     needs: [build]
     steps:
-    - uses: actions/checkout@v3
-    - name: Download coverage reports
-      uses: actions/download-artifact@v3
-      with:
-        name: reports
-        path: reports
-
-    - name: Codecov
-      uses: codecov/codecov-action@v3
-      with:
-        directory: reports
-        flags: unittests
+      - uses: actions/checkout@v3
+      - name: Download coverage reports
+        uses: actions/download-artifact@v3
+        with:
+          name: reports
+          path: reports
+
+      - name: Codecov
+        uses: codecov/codecov-action@v3
+        with:
+          directory: reports
+          flags: unittests
 
   release-build:
     name: release-build
     strategy:
       matrix:
         os:
-        - ubuntu-latest
-        - macos-latest
+          - ubuntu-latest
+          - macos-latest
     runs-on: ${{ matrix.os }}
     steps:
-
-    - name: Set up Go 1.x
-      uses: actions/setup-go@v4
-      with:
-        go-version: 1.20.x
-
-    - name: Check out code into the Go module directory
-      uses: actions/checkout@v3
-
-    - name: Install dependency required for linux builds
-      if: matrix.os == 'ubuntu-latest'
-      run: sudo apt-get update && sudo apt-get install -y libudev-dev
-
-    - name: GoReleaser
-      uses: goreleaser/goreleaser-action@v4
-      with:
-        version: latest
-        args: build --snapshot --clean --config .goreleaser.${{ matrix.os }}.yml
-
-    - name: Upload
-      uses: actions/upload-artifact@v3
-      with:
-        name: saml2aws
-        path: dist/
+      - name: Set up Go 1.x
+        uses: actions/setup-go@v4
+        with:
+          go-version: 1.20.x
+
+      - name: Check out code into the Go module directory
+        uses: actions/checkout@v3
+
+      - name: Install dependency required for linux builds
+        if: matrix.os == 'ubuntu-latest'
+        run: sudo apt-get update && sudo apt-get install -y libudev-dev
+
+      - name: GoReleaser
+        uses: goreleaser/goreleaser-action@v4
+        with:
+          version: latest
+          args: build --snapshot --clean --config .goreleaser.${{ matrix.os }}.yml
+
+      - name: Upload
+        uses: actions/upload-artifact@v3
+        with:
+          name: saml2aws
+          path: dist/

Makefile

@@ -1,11 +1,11 @@
 NAME=saml2aws
 ARCH=$(shell uname -m)
 OS=$(shell uname)
-VERSION=2.28.0
 ITERATION := 1
 
 GOLANGCI_VERSION = 1.45.2
-GORELEASER_VERSION = 0.157.0
+
+GORELEASER := $(shell command -v goreleaser 2> /dev/null)
 
 SOURCE_FILES?=$$(go list ./... | grep -v /vendor/)
 TEST_PATTERN?=.
@@ -36,11 +36,16 @@ install:
 	go install ./cmd/saml2aws
 .PHONY: mod
 
-build: $(BIN_DIR)/goreleaser
+build:
+
+ifndef GORELEASER
+    $(error "goreleaser is not available please install and ensure it is on PATH")
+endif
+
 ifeq ($(OS),Darwin)
-	$(BIN_DIR)/goreleaser build --snapshot --clean --config $(CURDIR)/.goreleaser.macos-latest.yml
+	goreleaser build --snapshot --clean --config $(CURDIR)/.goreleaser.macos-latest.yml
 else ifeq ($(OS),Linux)
-	$(BIN_DIR)/goreleaser build --snapshot --clean --config $(CURDIR)/.goreleaser.ubuntu-latest.yml
+	goreleaser build --snapshot --clean --config $(CURDIR)/.goreleaser.ubuntu-latest.yml
 else
 	$(error Unsupported build OS: $(OS))
 endif

README.md

@@ -115,7 +115,7 @@ While brew is available for Linux you can also run the following without using a
 
 ```
 CURRENT_VERSION=$(curl -Ls https://api.github.com/repos/Versent/saml2aws/releases/latest | grep 'tag_name' | cut -d'v' -f2 | cut -d'"' -f1)
-wget -c https://github.com/Versent/saml2aws/releases/download/v${CURRENT_VERSION}/saml2aws_${CURRENT_VERSION}_linux_amd64.tar.gz -O - | tar -xzv -C ~/.local/bin
+wget -c "https://github.com/Versent/saml2aws/releases/download/v${CURRENT_VERSION}/saml2aws_${CURRENT_VERSION}_linux_amd64.tar.gz" -O - | tar -xzv -C ~/.local/bin
 chmod u+x ~/.local/bin/saml2aws
 hash -r
 saml2aws --version
@@ -277,7 +277,7 @@ Commands:
     Emit a script that will export environment variables.
 
     -p, --profile=PROFILE      The AWS profile to save the temporary credentials. (env: SAML2AWS_PROFILE)
-        --shell=bash           Type of shell environment. Options include: bash, powershell, fish, env
+        --shell=bash           Type of shell environment. Options include: bash, /bin/sh, powershell, fish, env
         --credentials-file=CREDENTIALS-FILE
                                The file that will cache the credentials retrieved from AWS. When not specified, will use the default AWS credentials file location. (env: SAML2AWS_CREDENTIALS_FILE)
 
@@ -297,7 +297,7 @@ export AWS_CREDENTIAL_EXPIRATION="2016-09-04T38:27:00Z00:00"
 SAML2AWS_PROFILE=saml
 ```
 
-Powershell, and fish shells are supported as well.
+Powershell, sh and fish shells are supported as well.
 Env is useful for all AWS SDK compatible tools that can source an env file. It is a powerful combo with docker and the `--env-file` parameter.
 
 If you use `eval $(saml2aws script)` frequently, you may want to create a alias for it:

aws_role.go

@@ -2,6 +2,7 @@ package saml2aws
 
 import (
 	"fmt"
+	"regexp"
 	"strings"
 )
 
@@ -29,7 +30,8 @@ func ParseAWSRoles(roles []string) ([]*AWSRole, error) {
 }
 
 func parseRole(role string) (*AWSRole, error) {
-	tokens := strings.Split(role, ",")
+	r, _ := regexp.Compile("arn:([^:\n]*):([^:\n]*):([^:\n]*):([^:\n]*):(([^:/\n]*)[:/])?([^:,\n]*)")
+	tokens := r.FindAllString(role, -1)
 
 	if len(tokens) != 2 {
 		return nil, fmt.Errorf("Invalid role string only %d tokens", len(tokens))

cmd/saml2aws/commands/script.go

@@ -20,6 +20,14 @@ export SAML2AWS_PROFILE={{ .ProfileName }}
 export AWS_CREDENTIAL_EXPIRATION={{ .Expires.Format "2006-01-02T15:04:05Z07:00" }}
 `
 
+const shTmpl = `export AWS_ACCESS_KEY_ID={{ .AWSAccessKey }}
+export AWS_SECRET_ACCESS_KEY={{ .AWSSecretKey }}
+export AWS_SESSION_TOKEN={{ .AWSSessionToken }}
+export AWS_SECURITY_TOKEN={{ .AWSSecurityToken }}
+export SAML2AWS_PROFILE={{ .ProfileName }}
+export AWS_CREDENTIAL_EXPIRATION={{ .Expires.Format "2006-01-02T15:04:05Z07:00" }}
+`
+
 const fishTmpl = `set -gx AWS_ACCESS_KEY_ID {{ .AWSAccessKey }}
 set -gx AWS_SECRET_ACCESS_KEY {{ .AWSSecretKey }}
 set -gx AWS_SESSION_TOKEN {{ .AWSSessionToken }}
@@ -99,6 +107,8 @@ func buildTmpl(shell string, data interface{}) (string, error) {
 	switch shell {
 	case "bash":
 		t, err = t.Parse(bashTmpl)
+	case "/bin/sh":
+		t, err = t.Parse(shTmpl)
 	case "powershell":
 		t, err = t.Parse(powershellTmpl)
 	case "fish":

cmd/saml2aws/commands/script_test.go

@@ -25,7 +25,40 @@ func TestBuildTmplBash(t *testing.T) {
 	}
 
 	st, err := buildTmpl("bash", data)
-	assert.ErrorIs(t, err, nil)
+	assert.Nil(t, err)
+
+	expected := []string{
+		"export AWS_ACCESS_KEY_ID=access_key",
+		"export AWS_SECRET_ACCESS_KEY=secret_key",
+		"export AWS_SESSION_TOKEN=session_token",
+		"export AWS_SECURITY_TOKEN=security_token",
+		"export SAML2AWS_PROFILE=test_profile",
+	}
+
+	for _, test_string := range expected {
+		assert.Contains(t, st, test_string)
+	}
+
+}
+
+func TestBuildTmplSh(t *testing.T) {
+
+	data := struct {
+		ProfileName string
+		*awsconfig.AWSCredentials
+	}{
+		"test_profile",
+		&awsconfig.AWSCredentials{
+			AWSSecretKey:     "secret_key",
+			AWSAccessKey:     "access_key",
+			AWSSessionToken:  "session_token",
+			AWSSecurityToken: "security_token",
+			Expires:          time.Now(),
+		},
+	}
+
+	st, err := buildTmpl("/bin/sh", data)
+	assert.Nil(t, err)
 
 	expected := []string{
 		"export AWS_ACCESS_KEY_ID=access_key",
@@ -58,7 +91,7 @@ func TestBuildTmplFish(t *testing.T) {
 	}
 
 	st, err := buildTmpl("fish", data)
-	assert.ErrorIs(t, err, nil)
+	assert.Nil(t, err)
 
 	expected := []string{
 		"set -gx AWS_ACCESS_KEY_ID access_key",
@@ -91,7 +124,7 @@ func TestBuildTmplEnv(t *testing.T) {
 	}
 
 	st, err := buildTmpl("env", data)
-	assert.ErrorIs(t, err, nil)
+	assert.Nil(t, err)
 
 	expected := []string{
 		"AWS_ACCESS_KEY_ID=access_key",

cmd/saml2aws/main.go

@@ -152,9 +152,9 @@ func main() {
 	cmdScript.Flag("credentials-file", "The file that will cache the credentials retrieved from AWS. When not specified, will use the default AWS credentials file location. (env: SAML2AWS_CREDENTIALS_FILE)").Envar("SAML2AWS_CREDENTIALS_FILE").StringVar(&commonFlags.CredentialsFile)
 	var shell string
 	cmdScript.
-		Flag("shell", "Type of shell environment. Options include: bash, powershell, fish, env").
+		Flag("shell", "Type of shell environment. Options include: bash, /bin/sh, powershell, fish, env").
 		Default("bash").
-		EnumVar(&shell, "bash", "powershell", "fish", "env")
+		EnumVar(&shell, "bash", "/bin/sh", "powershell", "fish", "env")
 
 	// Trigger the parsing of the command line inputs via kingpin
 	command := kingpin.MustParse(app.Parse(os.Args[1:]))

go.mod

@@ -9,7 +9,7 @@ require (
 	github.com/PuerkitoBio/goquery v1.8.1
 	github.com/alecthomas/kingpin v2.2.6+incompatible
 	github.com/avast/retry-go v3.0.0+incompatible
-	github.com/aws/aws-sdk-go v1.44.225
+	github.com/aws/aws-sdk-go v1.44.235
 	github.com/beevik/etree v1.1.0
 	github.com/danieljoos/wincred v1.1.2
 	github.com/google/uuid v1.3.0

go.sum

@@ -24,8 +24,8 @@ github.com/andybalholm/cascadia v1.3.1/go.mod h1:R4bJ1UQfqADjvDa4P6HZHLh/3OxWWEq
 github.com/armon/consul-api v0.0.0-20180202201655-eb2c6b5be1b6/go.mod h1:grANhF5doyWs3UAsr3K4I6qtAmlQcZDesFNEHPZAzj8=
 github.com/avast/retry-go v3.0.0+incompatible h1:4SOWQ7Qs+oroOTQOYnAHqelpCO0biHSxpiH9JdtuBj0=
 github.com/avast/retry-go v3.0.0+incompatible/go.mod h1:XtSnn+n/sHqQIpZ10K1qAevBhOOCWBLXXy3hyiqqBrY=
-github.com/aws/aws-sdk-go v1.44.225 h1:JNJpUg+M1cm4jtKnyex//Mw1Rv8QN/kWT3dtr+oLdW4=
-github.com/aws/aws-sdk-go v1.44.225/go.mod h1:aVsgQcEevwlmQ7qHE9I3h+dtQgpqhFB+i8Phjh7fkwI=
+github.com/aws/aws-sdk-go v1.44.235 h1:5MS1ZW1Pr27mmHFqqjuXYwGMlNTW/g6DqU5ekamPMeU=
+github.com/aws/aws-sdk-go v1.44.235/go.mod h1:aVsgQcEevwlmQ7qHE9I3h+dtQgpqhFB+i8Phjh7fkwI=
 github.com/bearsh/hid v1.3.0 h1:GLNa8hvEzJxzQEEpheDUr2SivvH7iwTrJrDhFKutfX8=
 github.com/bearsh/hid v1.3.0/go.mod h1:KbQByg8WfPr92v7aaKAHTtZUEVG7e2XRpcF8+TopQv8=
 github.com/beevik/etree v1.1.0 h1:T0xke/WvNtMoCqgzPhkX2r4rjY3GDZFi+FjpRZY2Jbs=